Risk is yet another consideration for shared services centers. While risk has always been part of the decision making process, it is becoming more important as organizations face a climate of increased global and industry regulation and fiscal oversight as well as potential threats to corporate data security. Ensuring that in-house or outsourced shared services centers must meet stringent security requirements is a difficult task and organizations must put additional checks and balances in place to ensure that corporate data does not fall into the wrong hands.

While the centralization of AP invoice receipts in a shared services center guards against duplicate and fraudulent payments and electronic workflow approvals, allow for more efficient data entry and enforces appropriate controls, moving processes without proper evaluation can put these critical processes at risk of failure.

'Process-risk' is heightened by moving ineffective processes into a new business model without appropriate preparation for change. Manual, paper-based processes do not lend themselves to a shared services model. Outsourced providers cannot be relied upon to deliver necessary process optimization. The right process and organizational design can help to mitigate these risks.

Structural risk is also a concern. The unknown risks involved with moving shared services centers to other locations, results in difficult questions about whether organizations should use a global or regional service center model and whether that service center should be in-house or outsourced. In fact, the Deloitte 2014 Global Outsourcing and Invoicing study stated that 40% of respondents believe increased data privacy regulation will likely lead to a decrease in outsourcing (Deloitte, Deloitte's 2014 Global Outsourcing and Insourcing Survey, 2014).